GnuPG - best permissions & security of decrypted file - help please
Using FC4. Opera browser, Opera M2 email client. OpenOffice 2beta
and GnuPG as a newbie.
I believe I understand the basics of GnuPG and have created the appropriate keys etc - for that all is ok BUT
Can someone please let me know what permissions should be set.
It is set up to be used by either root or a user but I am not sure of the best way to set permissions for optimum security.
When a file (e.g. an OoO spreadsheet) is decrypted it is put into an insecure folder - is this correct ! Where should I decrypt to ?
Not strictly GPG but related; If I open the spreadsheet it will create a temporary file somewhere. How do I ensure that the temporary file is wiped (not just deleted) after use ?
Regarding permissions: set it to 700; Of course, root can always read it, so don't decrypt anything unless you trust root enough.
`Secure folders': give them 700 too.
Secure deletion of temporary files: make a hard link to them (so they won't get unlinked by the creating program), wait for the refcount to go to 1, then shred(1) the file. Don't allow other users to tamper with the hard link, of course.
If the program unlinks the directory entry after creating the temporary file, you're screwed though :(
|All times are GMT -5. The time now is 10:30 AM.|